Received: by 2002:a05:6a10:9848:0:0:0:0 with SMTP id x8csp4224813pxf;
        Tue, 16 Mar 2021 08:24:50 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJzkXobiKUFfOlfLMhDuqmnx6FwLkiyXTAvQDrc7O7C3IKKdVdy5K4P+wOqvNMooP7QRiM5B
X-Received: by 2002:a17:906:4e17:: with SMTP id z23mr30529522eju.439.1615908290562;
        Tue, 16 Mar 2021 08:24:50 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1615908290; cv=none;
        d=google.com; s=arc-20160816;
        b=PLSDKX4aR0QPFMeJLG6Hpjq5P+6CblGgX0Eq6DTuEwp6ECHdWYBEM+wwC3k3o/RWVC
         hTPZXU8F7C5DQqWv66g9hNWvXRs68i5PrfShM2d93EbFHW4paiiN/I9aEe0kumybmZWp
         c2Y1GaRwu4lpbcF/LRV5qXh1vVxcWKlB9ISGrBcyYk8Be+FbEUGOBqQdrNShWej0RsRz
         pe8EWts/512210TqbEotTU8xjldBdtumHO985tTiYlSch6Zbv06H6sLdjbQxIXngM69N
         LVb1l86W38An7McRxKcvPbUa+noJkIlADs74/aCMEkkm64fPHb0GYZIRSi4nPELYQ+nZ
         nATQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:date:cc:to:from:subject
         :message-id:dkim-signature;
        bh=jRb4B0KcEhZ4s3dOTpeBpsNGyWunNOch3xmQG6Fbmpw=;
        b=QoYXDVLP9dWdoD5Y+n+psWmV4JKbLh3SAfAW2UzrIK/rjgQnN61Z/gcbayt2o3UA8/
         /sgmvmZys0PH1jKUwa1LQRidKz9hAPT9FqrNySyDyEg3He6oheI3shjfZE1yev/kj/FD
         UGf+AMu548o0g7DRS2Jx5wN9CiroAGq+Es5HgBsm6aCvW3jhLYAYXz0l+i4P2ZPKV+ck
         bs5g58vKjHvwV1W43irwwXJE8jrbDjrxG0VqFIlJ13Z3NOmw3GJkMiv2LGHfIDU9Mhj9
         /4SmG2ldbK3Lx28ed6mNyDVLQAaut/GJjJC5a/wtdnpkyp3E7HrGTIValeMz4aE91DSe
         WuXA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=CPt6yNCy;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id lz9si14343120ejb.57.2021.03.16.08.24.26;
        Tue, 16 Mar 2021 08:24:50 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=CPt6yNCy;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S232474AbhCPK4F (ORCPT <rfc822;maagaton03@gmail.com> + 99 others);
        Tue, 16 Mar 2021 06:56:05 -0400
Received: from us-smtp-delivery-124.mimecast.com ([216.205.24.124]:58461 "EHLO
        us-smtp-delivery-124.mimecast.com" rhost-flags-OK-OK-OK-OK)
        by vger.kernel.org with ESMTP id S232145AbhCPKzb (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 16 Mar 2021 06:55:31 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
        s=mimecast20190719; t=1615892131;
        h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
         to:to:cc:cc:mime-version:mime-version:content-type:content-type:
         content-transfer-encoding:content-transfer-encoding:
         in-reply-to:in-reply-to:references:references;
        bh=jRb4B0KcEhZ4s3dOTpeBpsNGyWunNOch3xmQG6Fbmpw=;
        b=CPt6yNCy/xUUptUrE3wbXagrw/ZIIVVNFzTU8Uqoos92ppCBK/FRi4a8m8eZm7iaP+/04g
        dWmeUn0ZNhOmUxWYiQcrph4CMZOWaU1bI+bDRvkvC4PX1Do2/FBkkkt6VorfQ8QhBUuXoY
        cXdLDbofQNg5pSVSOe3ZMro9UCeOWhs=
Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com
 [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id
 us-mta-337-I_-lJ1JOOpyBsehK4z4uTg-1; Tue, 16 Mar 2021 06:55:27 -0400
X-MC-Unique: I_-lJ1JOOpyBsehK4z4uTg-1
Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15])
        (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
        (No client certificate requested)
        by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 351F2107ACCA;
        Tue, 16 Mar 2021 10:55:25 +0000 (UTC)
Received: from starship (unknown [10.35.207.30])
        by smtp.corp.redhat.com (Postfix) with ESMTP id 90F5F63633;
        Tue, 16 Mar 2021 10:55:20 +0000 (UTC)
Message-ID: <4cc6b314049d040ef878ee270ec8fa924cf7c9ec.camel@redhat.com>
Subject: Re: [PATCH 2/3] KVM: x86: guest debug: don't inject interrupts
 while single stepping
From:   Maxim Levitsky <mlevitsk@redhat.com>
To:     Sean Christopherson <seanjc@google.com>
Cc:     kvm@vger.kernel.org, Vitaly Kuznetsov <vkuznets@redhat.com>,
        linux-kernel@vger.kernel.org, Thomas Gleixner <tglx@linutronix.de>,
        Wanpeng Li <wanpengli@tencent.com>,
        Kieran Bingham <kbingham@kernel.org>,
        Jessica Yu <jeyu@kernel.org>,
        Jan Kiszka <jan.kiszka@siemens.com>,
        Andrew Morton <akpm@linux-foundation.org>,
        "maintainer:X86 ARCHITECTURE (32-BIT AND 64-BIT)" <x86@kernel.org>,
        Joerg Roedel <joro@8bytes.org>,
        Jim Mattson <jmattson@google.com>,
        Borislav Petkov <bp@alien8.de>,
        Stefano Garzarella <sgarzare@redhat.com>,
        "H. Peter Anvin" <hpa@zytor.com>,
        Paolo Bonzini <pbonzini@redhat.com>,
        Ingo Molnar <mingo@redhat.com>
Date:   Tue, 16 Mar 2021 12:55:19 +0200
In-Reply-To: <YE/vtYYwMakERzTS@google.com>
References: <20210315221020.661693-1-mlevitsk@redhat.com>
         <20210315221020.661693-3-mlevitsk@redhat.com> <YE/vtYYwMakERzTS@google.com>
Content-Type: text/plain; charset="UTF-8"
User-Agent: Evolution 3.36.5 (3.36.5-2.fc32) 
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, 2021-03-15 at 16:37 -0700, Sean Christopherson wrote:
> On Tue, Mar 16, 2021, Maxim Levitsky wrote:
> > This change greatly helps with two issues:
> > 
> > * Resuming from a breakpoint is much more reliable.
> > 
> >   When resuming execution from a breakpoint, with interrupts enabled, more often
> >   than not, KVM would inject an interrupt and make the CPU jump immediately to
> >   the interrupt handler and eventually return to the breakpoint, to trigger it
> >   again.
> > 
> >   From the user point of view it looks like the CPU never executed a
> >   single instruction and in some cases that can even prevent forward progress,
> >   for example, when the breakpoint is placed by an automated script
> >   (e.g lx-symbols), which does something in response to the breakpoint and then
> >   continues the guest automatically.
> >   If the script execution takes enough time for another interrupt to arrive,
> >   the guest will be stuck on the same breakpoint RIP forever.
> > 
> > * Normal single stepping is much more predictable, since it won't land the
> >   debugger into an interrupt handler, so it is much more usable.
> > 
> >   (If entry to an interrupt handler is desired, the user can still place a
> >   breakpoint at it and resume the guest, which won't activate this workaround
> >   and let the gdb still stop at the interrupt handler)
> > 
> > Since this change is only active when guest is debugged, it won't affect
> > KVM running normal 'production' VMs.
> > 
> > 
> > Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
> > Tested-by: Stefano Garzarella <sgarzare@redhat.com>
> > ---
> >  arch/x86/kvm/x86.c | 6 ++++++
> >  1 file changed, 6 insertions(+)
> > 
> > diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
> > index a9d95f90a0487..b75d990fcf12b 100644
> > --- a/arch/x86/kvm/x86.c
> > +++ b/arch/x86/kvm/x86.c
> > @@ -8458,6 +8458,12 @@ static void inject_pending_event(struct kvm_vcpu *vcpu, bool *req_immediate_exit
> >  		can_inject = false;
> >  	}
> >  
> > +	/*
> > +	 * Don't inject interrupts while single stepping to make guest debug easier
> > +	 */
> > +	if (vcpu->guest_debug & KVM_GUESTDBG_SINGLESTEP)
> > +		return;
> 
> Is this something userspace can deal with?  E.g. disable IRQs and/or set NMI
> blocking at the start of single-stepping, unwind at the end?  Deviating this far
> from architectural behavior will end in tears at some point.

I don't worry about NMI, but for IRQs, userspace can clear EFLAGS.IF, but that
can be messy to unwind, if an instruction that clears the interrupt flag was
single stepped over.

There is also notion of interrupt shadow but it also is reserved for things
like delaying interrupts for one cycle after sti, and such.

IMHO KVM_GUESTDBG_SINGLESTEP is already non architectural feature (userspace
basically tell the KVM to single step the guest but it doesn't set TF flag
or something like that), so changing its definition shouldn't be a problem.

If you worry about some automated script breaking due to the change,
(I expect that KVM_GUESTDBG_SINGLESTEP is mostly used manually, especially
since single stepping is never 100% reliable due to various issues like that),
I can add another flag to it which will block all the interrupts.
(like say KVM_GUESTDBG_BLOCKEVENTS).

In fact qemu already has single step flags, enabled over special qemu gdb extension
'maintenance packet qqemu.sstepbits'

Those single step flags allow to disable interrupts and qemu timers during the single stepping,
(and both modes are enabled by default)
However kvm code in qemu ignores these bits.


What do you think? 

Best regards,
	Maxim Levitsky


> 
> > +
> >  	/*
> >  	 * Finally, inject interrupt events.  If an event cannot be injected
> >  	 * due to architectural conditions (e.g. IF=0) a window-open exit
> > -- 
> > 2.26.2
> >